Cheap Hardware Module Bypasses AMD, Intel Memory Encryption
Recorded: Nov. 26, 2025, 1:06 a.m.
| Original | Summarized |
Researchers built an inexpensive device that circumvents chipmakers' confidential computing protections and reveals weaknesses in scalable memory encryption.

Rob Wright, Senior News Director, Dark Reading
November 25, 2025
5 Min Read
Source: Andreas Prott via Alamy Stock Photo

The last decade-plus has seen a wealth of advancements designed to secure data at the microprocessor level, but a team of academic researchers recently punched through those defenses with a tiny hardware module that cost less than $50 to build.

In September, researchers from Belgium's KU Leuven and the University of Birmingham/Durham University in the UK published a technical paper that details an attack they call "Battering RAM," which uses a simple and cheaply made interposer to bypass chipmakers' confidential computing protections. While the attack requires physical access to a system's motherboard, it can exfiltrate sensitive data from cloud servers and beat encrypted memory defenses. The team will present its research in a Black Hat Europe 2025 session next month and discuss how the attack vector puts cloud providers and their customers' data at risk. In an interview with Dark Reading, two members of the research team explain how encrypted memory protections aren't as strong as they used to be — and why performance tradeoffs are to blame.

Building the "Battering RAM"

The concept behind confidential computing architectures is fairly simple: in the age of widespread cloud adoption, the technology protects organizations' sensitive data and workloads from being accessed or tampered with by unauthorized parties, including the cloud providers themselves. Microprocessor companies like Intel and AMD accomplish this by creating hardware-based enclaves in their chips' trusted execution environments (TEEs) that isolate sensitive data from the rest of the system, including the operating system and hypervisor.

A key ingredient of these TEEs is memory encryption; Intel SGX/TDX and AMD SEV-SNP technologies have dedicated memory encryption engines that protect data moving from the CPU to the system's dynamic random access memory (DRAM).

"Of course, CPUs don't have a lot of memory. They still need external DRAM to store data from these confidential VMs and so on," says Jesse De Meulemeester, a researcher with the Computer Security and Industrial Cryptography (COSIC) group in the Department of Electrical Engineering at KU Leuven. "But they consider the DRAM untrusted, so what they did was implement memory encryption."

De Meulemeester and his fellow researchers had studied memory encryption and developed an attack technique last year called "BadRAM," which uses "rogue" memory modules to access encrypted memory by tampering with the chips' configuration during the boot process. While AMD and Intel introduced new protections to mitigate BadRAM attacks, the research team found another — and more impactful — way to bypass confidential computing.

With the Battering RAM attack, the team created a small circuit board, known as an interposer, that is physically placed on a system in the memory path between the CPU and DRAM. Using simple analog switches, the interposer sends signals to the CPU to trick it into sending protected addresses to attacker-controlled locations where threat actors can corrupt or replay the encrypted memory. Like BadRAM, the attack manipulates physical address aliasing to bypass confidential computing defenses. However, Battering RAM introduces memory aliases dynamically at runtime instead of exclusively during the boot process.

The interposer is also very cheap to build. While physical hacks have long posed risks to encrypted data and secure enclaves, some of the tools needed for such hacks can be expensive. As an example, commercial DRAM interposers that boast specialized signal analyzers can cost more than $150,000.

"It's not in the realm of $100,000 anymore," says Jo Van Bulck, a professor with the DistriNet Research Unit at KU Leuven. "The practicality here was one of our goals."

Performance Gains Lead to Weaker Security

Van Bulck says that while AMD and Intel should be commended for strengthening security, there have been "a couple recent developments where they've dropped the ball." Specifically, the chip makers made changes to earlier designs that made encrypted memory more susceptible to physical attacks.

The security advancements AMD and Intel introduced created complications for memory access, De Meulemeester explains. For example, early versions of the confidential computing architectures only protected up to 256MB of memory. And that doesn't cut it in today's world of high-performance computing and intensive AI models.

"If you think you're running AI inference with 256MB of memory, well, that's never going to happen," De Meulemeester says.

The latest designs — including Intel Scalable SGX and TDX, and AMD SEV — scaled up the memory encryption to cover the full DRAM. But those improvements apparently sacrificed some key protections. De Meulemeester says the chip makers dropped two memory encryption features designed to prevent physical attacks: cryptographic integrity checks, which use attestation to make sure the software and hardware have not been tampered with, and freshness protection, which ensures that data in the enclave hasn't been rolled back to earlier versions.

Without the earlier protections against physical attacks, threat actors could not only place low-cost Battering RAM devices in a cloud data center and wreak havoc on customers; they could also potentially mount supply chain attacks with even bigger impacts. De Meulemeester explains that the devices are small enough that a bad actor could place them on motherboards during the manufacturing process. And because the interposers are completely invisible to the CPU and operating system, it's unlikely they would be detected without inspecting the hardware.

"One of the most fundamental ways you could protect against this is by going back to the strong memory encryption models with integrity and freshness protections. That would completely solve this problem," De Meulemeester says, noting that such changes cannot be made through a software or firmware update, only a redesign of the memory encryption scheme.

The researchers say that while AMD and Intel were responsive to the research, they ultimately decided that Battering RAM attacks were out of scope, largely because the attacks require physical access. Van Bulck says that while he understands the chip makers' view, he and the rest of the research team feel the risks of physical attacks are substantial and that customers should know that confidential computing protections only go so far.

"We can be critical of companies like Intel and AMD, but I think that they have invested massively in trying to make attacks hard, and I think they're succeeding in that," Van Bulck says. "With the shift to the cloud and confidential computing, these workloads have to scale, which is a good thing. However, that scalability comes at a price."
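To make concrete why dropping integrity and freshness matters, here is a constructed toy model (added here, not code from the researchers, AMD or Intel, and not their real cipher): DRAM is a dictionary an interposer can read and overwrite, and the same engine is run with confidentiality-only encryption and with a keyed tag plus an on-chip write counter. Addresses, payloads and the HMAC-based keystream are assumptions of the model.

```python
import hashlib
import hmac
import os

TAG_LEN = 16  # bytes of keyed tag stored beside each ciphertext block


class ToyMemoryEncryption:
    """Constructed model of a memory encryption engine, not a vendor design.
    integrity=False: address-tweaked confidentiality only (no integrity, no freshness).
    integrity=True: a keyed tag over (address, write counter, ciphertext), with the
    counter held in trusted on-chip state, so stale or altered ciphertext is rejected."""

    def __init__(self, integrity):
        self.key = os.urandom(32)  # would never leave the CPU in a real engine
        self.integrity = integrity
        self.dram = {}             # untrusted: an interposer can record/replace entries
        self.counters = {}         # trusted freshness state: addr -> last write counter

    def _pad(self, addr, ctr):
        # deterministic, address-tweaked keystream (toy stand-in for a tweakable cipher)
        return hmac.new(self.key, f"pad:{addr}:{ctr}".encode(), hashlib.sha256).digest()

    def _tag(self, addr, ctr, ct):
        return hmac.new(self.key, f"tag:{addr}:{ctr}".encode() + ct, hashlib.sha256).digest()[:TAG_LEN]

    def write(self, addr, data):
        ctr = self.counters.get(addr, 0) + 1 if self.integrity else 0
        ct = bytes(a ^ b for a, b in zip(data, self._pad(addr, ctr)))
        self.dram[addr] = ct + (self._tag(addr, ctr, ct) if self.integrity else b"")
        self.counters[addr] = ctr

    def read(self, addr):
        blob, ctr = self.dram[addr], self.counters[addr]
        ct = blob
        if self.integrity:
            ct, tag = blob[:-TAG_LEN], blob[-TAG_LEN:]
            if not hmac.compare_digest(tag, self._tag(addr, ctr, ct)):
                raise ValueError("integrity/freshness check failed")
        return bytes(a ^ b for a, b in zip(ct, self._pad(addr, ctr)))


def rollback_outcome(integrity):
    """Old ciphertext is recorded and written back after the CPU updated the value."""
    mem, addr = ToyMemoryEncryption(integrity), 0x1000   # constructed sample address
    mem.write(addr, b"balance=100     ")                  # constructed 16-byte payload
    snapshot = mem.dram[addr]                             # interposer records version 1
    mem.write(addr, b"balance=000     ")                  # CPU writes version 2
    mem.dram[addr] = snapshot                             # version 1 is put back
    try:
        return "stale_data_accepted" if mem.read(addr) == b"balance=100     " else "garbled"
    except ValueError:
        return "rejected"


def corruption_outcome(integrity):
    """One ciphertext bit is flipped in DRAM before the CPU reads the block back."""
    mem, addr = ToyMemoryEncryption(integrity), 0x2000
    mem.write(addr, b"secret-config-00")
    blob = bytearray(mem.dram[addr])
    blob[0] ^= 0x01
    mem.dram[addr] = bytes(blob)
    try:
        data = mem.read(addr)
    except ValueError:
        return "rejected"
    return "silently_corrupted" if data != b"secret-config-00" else "unchanged"
```

With integrity and freshness the engine refuses both the rolled-back and the altered block; without them it hands the stale or corrupted plaintext to the CPU with no signal that anything happened, which is the property the researchers say a redesign, not a firmware update, would have to restore.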
The research team at KU Leuven and the University of Birmingham/Durham University has unveiled a novel attack vector dubbed "Battering RAM" that bypasses established confidential computing protections employed by chipmakers like AMD and Intel. This attack, detailed in a technical paper and slated for presentation at Black Hat Europe 2025, uses a relatively inexpensive, custom-built interposer to exfiltrate sensitive data from cloud servers by manipulating memory access. The core innovation lies in introducing memory aliases dynamically at runtime, rather than relying on configuration tampering during the boot process. The team's findings highlight a weakness in current memory encryption strategies: early designs protected only 256MB of memory, which is insufficient for modern, computationally intensive workloads like artificial intelligence and high-performance computing, and the scaled-up designs that cover the full DRAM dropped integrity and freshness protections. The researchers demonstrate how removing those checks, which were designed to prevent physical attacks, opened the door for exploitation. The Battering RAM device, a small circuit board costing less than $50, can be placed on a motherboard and used to corrupt or replay encrypted memory data. The attack still requires physical access to place the interposer in the memory path between the CPU and DRAM, but once in place it can act at runtime rather than only during system boot. This contrasts with the prior "BadRAM" attack, which leveraged rogue memory modules during the boot process. The team's research underscores the potential risks associated with the shift to cloud computing and confidential computing architectures, particularly as organizations increasingly rely on dynamic and scalable workloads.

The Battering RAM attack illustrates a complex interplay of factors: the inherent limitations of memory encryption strategies, the cost of performance tradeoffs, and the loss of integrity and freshness guarantees for encrypted memory. While AMD and Intel responded to the earlier "BadRAM" threat, the research team found that subsequent changes made for scalability inadvertently created weaknesses that the Battering RAM device successfully exploited. The team's demonstration emphasizes the ongoing need for organizations and cloud providers to continually assess, refine, and strengthen their confidential computing defenses, particularly against physical attacks that use seemingly benign hardware. The researchers' work compels a critical evaluation of trust assumptions in cloud environments and prompts a deeper understanding of how physical security interacts with hardware- and software-based protections.